#100DaysOfCloud #100DaysOfCyberSecurity snippets starting from 28 SEPT 2022 by your (allegedly) Favorite CISO: https://www.linkedin.com/in/jonathan-r-2b2742112/.
Hoping to spread some knowledge and encourage entry-level professionals to emulate this. For all intents and purposes the current industry hivemind would argue that as a CISO I, 1) probably shouldn't do this because "cIsOs DoNt NeEd To Be TeChNiCaL" and 2) A CISO shouldn't need to "prove" anything - which is a dangerous assumption and why we have busted ass security programs in F500 companies. Gatekeepers can bite my shiny metal ass.
In all seriousness, certs and degrees are fine but not everyone has the economic means to afford them at any given point. As a former hiring manager who built one of the most ambitious cyber security products INSIDE of a massive F500 company with more than 60% of the team being entry-level, I have an opinion that you can teach just about any skills to any candidate that can demonstrate they have a desire and passion to learn and display some personality in their projects.
When you create something like this, it demonstrates you can stick with something (100 days is a lot!), and how you document it and execute tells me far more about your aptitude and attitude than a cert or degree. By all means, don't feel bad for getting them, but for those looking to pivot or to highlight themselves: do this.
- Day 1 AWS environment variables Bash script for Account ID, Account Name, Region & Organizations Principal ID
- Day 2 Python script to find all Default VPCs in every Region in current Account
- Day 3 Python script to find and delete all unused Default VPC and their dependencies in every Region in the current Account
- Day 4 Python script to find all Default Security Groups for every VPC in every Region in the current Account
- Day 5 No code, overview of AWS Network Security solutions
- Day 6 Python script to find certain resources (EC2, RDS, ALB) using the Default SG in every Region in the current Account and deletes the default rules
- Day 7 Python script to automated NMAP TCP scans against public-facing EC2 instances in all Regions in the current Account
- Day 8 Python script to create and attach a basic DNS Firewall with the AWS-managed malware Domain List to all VPCs in your current Region
- Day 9 Python script to create a basic Route 53 Resolver DNS Query Logging Configuration for all VPCs in your current Region and send the logs to CloudWatch
- Day 10 Python AWS Lambda script to parse CloudWatch Logs and print basic information on DNS Firewall events within them. Optional code to send messages to SNS
- Day 11 Python AWS Lambda script (modified Day 10) that enriches DNS Firewall findings with additional information.
- Day 12 Python AWS Lambda script (modified Day 10 & 11) that enriches DNS Firewall findings with IP resolution from
socketas well as provide geo-intel data for the IPs via ip-api.com.
- Day 13 Python script that mirrors enrichment steps from Day 12 and demonstrates the usage of DynamoDB as a write-through cache for IP addresses and associated geolocation data. DynamoDB creation script included.
- Day 14 Python script to create an AWS WAFv2 Web Access Control List (ACL) that contains an IP Set with the latest IOCs from the CINS Score feed.
- Day 15 Modified Day 14 Python script that introduces logic for creating multiple types of IP Sets, updating existing ones, and converting hostnames to domains and into IP addresses. Uses IOCs from CINS Score and Coinblocker feeds. THIS WILL TRIGGER GUARDUDTY ALERTS.
- Day 16 Redid this repo...that's it. LinkedIn post about plans.
- Day 17 Updated Python script to dynamically create and/or update WAF Web ACLs. Includes sample AWS-managed Rule Groups within the Web ACL.
- Day 18 Python script to create an S3 Bucket for WAF Logging and setup logging. Small script included to generate WAF logs.
- Day 19 Python script to batch process and enrich AWS WAF logs that match any BLOCK actions.
- Day 20 Python Lambda function code to process AWS WAF logs placed in S3 buckets in near real time. Similar enrichment flow to Day 19.